Jump to content

Browser redirects


Recommended Posts

Hello,

When you said "done", what do you mean?

The DDS log had a warning that there's a possible TDL infection. This needs serious follow-up.

Please do not do any websurfing or any online transactions. Follow my guidance. Only go to websites I guide you to.

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for piggyigg only. If you are a casual viewer, do NOT try this on your system!

If you are not piggyigg and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Disable your anti-virus program (only)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

Double click on aswMBR.exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 6

RE-Enable your antivirus program.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 7

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 8

Copy & Paste contents of log from aswMBR & log from TDSSKILLER & RogueKiller log & Log.txt & Info.txt & Checkup.txt.

Use separate replies as needed if logs do not fit into one reply box.

Link to post
Share on other sites

Maurice,

I've previously had run tdsskiller on 3/11/12...but I picked up your response here and ran it again. I will post both logs....

21:37:22.0062 2672 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

21:37:22.0312 2672 ============================================================

21:37:22.0312 2672 Current date / time: 2012/03/11 21:37:22.0312

21:37:22.0312 2672 SystemInfo:

21:37:22.0312 2672

21:37:22.0312 2672 OS Version: 5.1.2600 ServicePack: 3.0

21:37:22.0312 2672 Product type: Workstation

21:37:22.0312 2672 ComputerName: JI-XF89NK9YYIWV

21:37:22.0469 2672 UserName: Owner

21:37:22.0469 2672 Windows directory: C:\WINDOWS

21:37:22.0469 2672 System windows directory: C:\WINDOWS

21:37:22.0469 2672 Processor architecture: Intel x86

21:37:22.0469 2672 Number of processors: 1

21:37:22.0469 2672 Page size: 0x1000

21:37:22.0469 2672 Boot type: Normal boot

21:37:22.0500 2672 ============================================================

21:37:27.0234 2672 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

21:37:27.0234 2672 \Device\Harddisk0\DR0:

21:37:27.0234 2672 MBR used

21:37:27.0234 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9

21:37:27.0359 2672 Initialize success

21:37:27.0359 2672 ============================================================

21:38:06.0078 2952 ============================================================

21:38:06.0078 2952 Scan started

21:38:06.0078 2952 Mode: Manual; SigCheck; TDLFS;

21:38:06.0078 2952 ============================================================

21:38:08.0390 2952 Abiosdsk - ok

21:38:08.0406 2952 abp480n5 - ok

21:38:08.0500 2952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

21:38:11.0406 2952 ACPI - ok

21:38:11.0578 2952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

21:38:12.0015 2952 ACPIEC - ok

21:38:12.0094 2952 adpu160m - ok

21:38:12.0172 2952 aeaudio - ok

21:38:12.0281 2952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

21:38:12.0578 2952 aec - ok

21:38:12.0890 2952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

21:38:12.0984 2952 AFD - ok

21:38:13.0062 2952 Aha154x - ok

21:38:13.0094 2952 aic78u2 - ok

21:38:13.0109 2952 aic78xx - ok

21:38:13.0140 2952 AliIde - ok

21:38:13.0172 2952 amsint - ok

21:38:13.0265 2952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

21:38:13.0484 2952 Arp1394 - ok

21:38:13.0562 2952 asc - ok

21:38:13.0578 2952 asc3350p - ok

21:38:13.0609 2952 asc3550 - ok

21:38:13.0703 2952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

21:38:13.0922 2952 AsyncMac - ok

21:38:14.0031 2952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

21:38:14.0219 2952 atapi - ok

21:38:14.0312 2952 Atdisk - ok

21:38:14.0375 2952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

21:38:14.0594 2952 Atmarpc - ok

21:38:15.0047 2952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

21:38:15.0250 2952 audstub - ok

21:38:15.0406 2952 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

21:38:15.0484 2952 bcm4sbxp - ok

21:38:15.0656 2952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

21:38:15.0953 2952 Beep - ok

21:38:16.0109 2952 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

21:38:16.0156 2952 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning

21:38:16.0156 2952 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)

21:38:16.0547 2952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

21:38:16.0797 2952 cbidf2k - ok

21:38:16.0875 2952 cd20xrnt - ok

21:38:16.0953 2952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

21:38:17.0187 2952 Cdaudio - ok

21:38:17.0328 2952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

21:38:17.0515 2952 Cdfs - ok

21:38:17.0672 2952 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

21:38:17.0953 2952 Cdrom - ok

21:38:18.0047 2952 Changer - ok

21:38:18.0094 2952 CmdIde - ok

21:38:18.0172 2952 Cpqarray - ok

21:38:18.0203 2952 dac2w2k - ok

21:38:18.0234 2952 dac960nt - ok

21:38:18.0328 2952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

21:38:18.0562 2952 Disk - ok

21:38:19.0078 2952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

21:38:19.0375 2952 dmboot - ok

21:38:19.0500 2952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

21:38:19.0765 2952 dmio - ok

21:38:19.0890 2952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

21:38:20.0172 2952 dmload - ok

21:38:20.0344 2952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

21:38:20.0515 2952 DMusic - ok

21:38:20.0734 2952 dpti2o - ok

21:38:20.0875 2952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

21:38:21.0109 2952 drmkaud - ok

21:38:21.0297 2952 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys

21:38:21.0312 2952 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

21:38:21.0312 2952 drvmcdb - detected UnsignedFile.Multi.Generic (1)

21:38:21.0469 2952 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys

21:38:21.0500 2952 drvnddm ( UnsignedFile.Multi.Generic ) - warning

21:38:21.0500 2952 drvnddm - detected UnsignedFile.Multi.Generic (1)

21:38:22.0031 2952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

21:38:22.0250 2952 Fastfat - ok

21:38:22.0515 2952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

21:38:22.0703 2952 Fdc - ok

21:38:23.0078 2952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

21:38:23.0265 2952 Fips - ok

21:38:23.0422 2952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

21:38:23.0656 2952 Flpydisk - ok

21:38:24.0219 2952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

21:38:24.0453 2952 FltMgr - ok

21:38:24.0609 2952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

21:38:24.0828 2952 Fs_Rec - ok

21:38:25.0078 2952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

21:38:25.0297 2952 Ftdisk - ok

21:38:25.0437 2952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

21:38:25.0453 2952 GEARAspiWDM - ok

21:38:25.0594 2952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

21:38:25.0765 2952 Gpc - ok

21:38:25.0984 2952 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

21:38:26.0187 2952 hidusb - ok

21:38:26.0375 2952 hpn - ok

21:38:26.0500 2952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

21:38:26.0594 2952 HTTP - ok

21:38:26.0937 2952 i2omgmt - ok

21:38:27.0031 2952 i2omp - ok

21:38:27.0109 2952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

21:38:27.0297 2952 i8042prt - ok

21:38:27.0453 2952 ialm (b076eb745ec3c669d4ae953225366f1d) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

21:38:27.0687 2952 ialm - ok

21:38:28.0094 2952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

21:38:28.0281 2952 Imapi - ok

21:38:28.0390 2952 ini910u - ok

21:38:28.0469 2952 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

21:38:28.0672 2952 IntelIde - ok

21:38:28.0906 2952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

21:38:29.0140 2952 intelppm - ok

21:38:29.0265 2952 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

21:38:29.0453 2952 ip6fw - ok

21:38:29.0578 2952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

21:38:29.0797 2952 IpFilterDriver - ok

21:38:30.0187 2952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

21:38:30.0375 2952 IpInIp - ok

21:38:30.0625 2952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

21:38:30.0844 2952 IpNat - ok

21:38:31.0015 2952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

21:38:31.0250 2952 IPSec - ok

21:38:31.0609 2952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

21:38:31.0797 2952 IRENUM - ok

21:38:31.0953 2952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

21:38:32.0156 2952 isapnp - ok

21:38:32.0328 2952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

21:38:32.0562 2952 Kbdclass - ok

21:38:32.0734 2952 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

21:38:32.0906 2952 kbdhid - ok

21:38:33.0047 2952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

21:38:33.0234 2952 kmixer - ok

21:38:33.0375 2952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

21:38:33.0469 2952 KSecDD - ok

21:38:33.0562 2952 lbrtfdc - ok

21:38:33.0703 2952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

21:38:33.0969 2952 mnmdd - ok

21:38:34.0109 2952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

21:38:34.0297 2952 Modem - ok

21:38:34.0437 2952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

21:38:34.0672 2952 Mouclass - ok

21:38:34.0828 2952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

21:38:35.0031 2952 mouhid - ok

21:38:35.0453 2952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

21:38:35.0625 2952 MountMgr - ok

21:38:36.0047 2952 mraid35x - ok

21:38:36.0203 2952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

21:38:36.0422 2952 MRxDAV - ok

21:38:36.0703 2952 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

21:38:36.0906 2952 MRxSmb - ok

21:38:37.0078 2952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

21:38:37.0297 2952 Msfs - ok

21:38:37.0422 2952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

21:38:37.0625 2952 MSKSSRV - ok

21:38:37.0812 2952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

21:38:38.0000 2952 MSPCLOCK - ok

21:38:38.0125 2952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

21:38:38.0312 2952 MSPQM - ok

21:38:38.0484 2952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

21:38:38.0672 2952 mssmbios - ok

21:38:38.0953 2952 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

21:38:39.0015 2952 Mup - ok

21:38:39.0234 2952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

21:38:39.0625 2952 NDIS - ok

21:38:39.0812 2952 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

21:38:39.0875 2952 NdisTapi - ok

21:38:40.0015 2952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

21:38:40.0187 2952 Ndisuio - ok

21:38:40.0484 2952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

21:38:40.0703 2952 NdisWan - ok

21:38:40.0937 2952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

21:38:41.0062 2952 NDProxy - ok

21:38:41.0203 2952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

21:38:41.0390 2952 NetBIOS - ok

21:38:41.0578 2952 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

21:38:41.0765 2952 NetBT - ok

21:38:41.0906 2952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

21:38:42.0094 2952 NIC1394 - ok

21:38:42.0234 2952 NPF (f498c5c3399a60933196fc215ef074f9) C:\WINDOWS\system32\drivers\npf.sys

21:38:42.0328 2952 NPF ( UnsignedFile.Multi.Generic ) - warning

21:38:42.0328 2952 NPF - detected UnsignedFile.Multi.Generic (1)

21:38:42.0484 2952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

21:38:42.0687 2952 Npfs - ok

21:38:43.0094 2952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

21:38:43.0344 2952 Ntfs - ok

21:38:43.0500 2952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

21:38:43.0703 2952 Null - ok

21:38:43.0906 2952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

21:38:44.0109 2952 NwlnkFlt - ok

21:38:44.0250 2952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

21:38:44.0437 2952 NwlnkFwd - ok

21:38:44.0578 2952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

21:38:44.0750 2952 ohci1394 - ok

21:38:44.0890 2952 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

21:38:44.0906 2952 OMCI ( UnsignedFile.Multi.Generic ) - warning

21:38:44.0906 2952 OMCI - detected UnsignedFile.Multi.Generic (1)

21:38:44.0984 2952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

21:38:45.0297 2952 Parport - ok

21:38:45.0515 2952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

21:38:45.0719 2952 PartMgr - ok

21:38:45.0859 2952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

21:38:46.0047 2952 ParVdm - ok

21:38:46.0187 2952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

21:38:46.0375 2952 PCI - ok

21:38:46.0484 2952 PCIDump - ok

21:38:46.0578 2952 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

21:38:46.0844 2952 PCIIde - ok

21:38:46.0969 2952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

21:38:47.0156 2952 Pcmcia - ok

21:38:47.0234 2952 PDCOMP - ok

21:38:47.0297 2952 PDFRAME - ok

21:38:47.0328 2952 PDRELI - ok

21:38:47.0344 2952 PDRFRAME - ok

21:38:47.0375 2952 perc2 - ok

21:38:47.0390 2952 perc2hib - ok

21:38:47.0500 2952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

21:38:47.0687 2952 PptpMiniport - ok

21:38:48.0359 2952 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

21:38:48.0609 2952 Processor - ok

21:38:48.0969 2952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

21:38:49.0156 2952 PSched - ok

21:38:49.0312 2952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

21:38:49.0594 2952 Ptilink - ok

21:38:49.0734 2952 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

21:38:49.0765 2952 PxHelp20 - ok

21:38:50.0015 2952 ql1080 - ok

21:38:50.0047 2952 Ql10wnt - ok

21:38:50.0062 2952 ql12160 - ok

21:38:50.0094 2952 ql1240 - ok

21:38:50.0109 2952 ql1280 - ok

21:38:50.0219 2952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

21:38:50.0437 2952 RasAcd - ok

21:38:50.0609 2952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

21:38:50.0797 2952 Rasl2tp - ok

21:38:50.0984 2952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

21:38:51.0203 2952 RasPppoe - ok

21:38:51.0359 2952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

21:38:51.0578 2952 Raspti - ok

21:38:51.0719 2952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

21:38:51.0890 2952 Rdbss - ok

21:38:52.0015 2952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

21:38:52.0219 2952 RDPCDD - ok

21:38:52.0390 2952 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

21:38:52.0453 2952 RDPWD - ok

21:38:52.0672 2952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

21:38:52.0859 2952 redbook - ok

21:38:53.0015 2952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

21:38:53.0203 2952 Secdrv - ok

21:38:53.0390 2952 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

21:38:53.0531 2952 senfilt - ok

21:38:53.0687 2952 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

21:38:53.0875 2952 serenum - ok

21:38:54.0031 2952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

21:38:54.0203 2952 Serial - ok

21:38:54.0422 2952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

21:38:54.0640 2952 Sfloppy - ok

21:38:55.0250 2952 Simbad - ok

21:38:55.0437 2952 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

21:38:55.0469 2952 smwdm - ok

21:38:55.0594 2952 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

21:38:55.0844 2952 SONYPVU1 - ok

21:38:55.0922 2952 Sparrow - ok

21:38:55.0984 2952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

21:38:56.0187 2952 splitter - ok

21:38:56.0359 2952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

21:38:56.0531 2952 sr - ok

21:38:56.0765 2952 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

21:38:56.0890 2952 Srv - ok

21:38:57.0047 2952 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys

21:38:57.0062 2952 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

21:38:57.0062 2952 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

21:38:57.0219 2952 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys

21:38:57.0281 2952 ssrtln ( UnsignedFile.Multi.Generic ) - warning

21:38:57.0281 2952 ssrtln - detected UnsignedFile.Multi.Generic (1)

21:38:57.0406 2952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

21:38:57.0562 2952 swenum - ok

21:38:57.0984 2952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

21:38:58.0156 2952 swmidi - ok

21:38:58.0234 2952 symc810 - ok

21:38:58.0297 2952 symc8xx - ok

21:38:58.0328 2952 sym_hi - ok

21:38:58.0344 2952 sym_u3 - ok

21:38:58.0437 2952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

21:38:58.0609 2952 sysaudio - ok

21:38:59.0078 2952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

21:38:59.0203 2952 Tcpip - ok

21:38:59.0375 2952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

21:38:59.0531 2952 TDPIPE - ok

21:38:59.0640 2952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

21:38:59.0875 2952 TDTCP - ok

21:39:00.0000 2952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

21:39:00.0172 2952 TermDD - ok

21:39:00.0328 2952 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys

21:39:00.0406 2952 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

21:39:00.0406 2952 tfsnboio - detected UnsignedFile.Multi.Generic (1)

21:39:00.0562 2952 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys

21:39:00.0578 2952 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

21:39:00.0578 2952 tfsncofs - detected UnsignedFile.Multi.Generic (1)

21:39:00.0969 2952 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys

21:39:01.0000 2952 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

21:39:01.0000 2952 tfsndrct - detected UnsignedFile.Multi.Generic (1)

21:39:01.0140 2952 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys

21:39:01.0172 2952 tfsndres ( UnsignedFile.Multi.Generic ) - warning

21:39:01.0172 2952 tfsndres - detected UnsignedFile.Multi.Generic (1)

21:39:01.0328 2952 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys

21:39:01.0344 2952 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

21:39:01.0344 2952 tfsnifs - detected UnsignedFile.Multi.Generic (1)

21:39:01.0500 2952 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys

21:39:01.0578 2952 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

21:39:01.0578 2952 tfsnopio - detected UnsignedFile.Multi.Generic (1)

21:39:01.0734 2952 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys

21:39:01.0781 2952 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

21:39:01.0781 2952 tfsnpool - detected UnsignedFile.Multi.Generic (1)

21:39:02.0219 2952 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys

21:39:02.0250 2952 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

21:39:02.0250 2952 tfsnudf - detected UnsignedFile.Multi.Generic (1)

21:39:02.0422 2952 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys

21:39:02.0453 2952 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

21:39:02.0453 2952 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

21:39:02.0625 2952 TosIde - ok

21:39:02.0750 2952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

21:39:03.0109 2952 Udfs - ok

21:39:03.0172 2952 ultra - ok

21:39:03.0265 2952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

21:39:03.0453 2952 Update - ok

21:39:03.0656 2952 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

21:39:03.0765 2952 USBAAPL - ok

21:39:04.0000 2952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

21:39:04.0172 2952 usbccgp - ok

21:39:04.0312 2952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

21:39:04.0500 2952 usbehci - ok

21:39:04.0640 2952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

21:39:04.0828 2952 usbhub - ok

21:39:04.0969 2952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

21:39:05.0156 2952 usbprint - ok

21:39:05.0281 2952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

21:39:05.0469 2952 usbscan - ok

21:39:05.0609 2952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

21:39:05.0765 2952 USBSTOR - ok

21:39:05.0937 2952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

21:39:06.0297 2952 usbuhci - ok

21:39:06.0422 2952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

21:39:06.0719 2952 VgaSave - ok

21:39:06.0984 2952 ViaIde - ok

21:39:07.0109 2952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

21:39:07.0406 2952 VolSnap - ok

21:39:07.0562 2952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

21:39:07.0734 2952 Wanarp - ok

21:39:08.0234 2952 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

21:39:08.0281 2952 Wdf01000 - ok

21:39:08.0406 2952 WDICA - ok

21:39:08.0594 2952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

21:39:08.0797 2952 wdmaud - ok

21:39:09.0000 2952 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

21:39:09.0078 2952 WpdUsb - ok

21:39:09.0344 2952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

21:39:09.0406 2952 WudfPf - ok

21:39:09.0515 2952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

21:39:09.0547 2952 WudfRd - ok

21:39:09.0672 2952 zumbus - ok

21:39:09.0797 2952 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys

21:39:09.0953 2952 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

21:39:10.0500 2952 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys

21:39:10.0547 2952 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

21:39:10.0578 2952 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0

21:39:10.0609 2952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:39:10.0609 2952 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:39:10.0640 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:39:10.0640 2952 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:39:10.0672 2952 Boot (0x1200) (1fe6f84492cc9c1497d4d5a0a06ad4e8) \Device\Harddisk0\DR0\Partition0

21:39:10.0672 2952 \Device\Harddisk0\DR0\Partition0 - ok

21:39:10.0672 2952 ============================================================

21:39:10.0672 2952 Scan finished

21:39:10.0672 2952 ============================================================

21:39:10.0797 2420 Detected object count: 18

21:39:10.0797 2420 Actual detected object count: 18

21:41:10.0390 2420 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0390 2420 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0390 2420 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0390 2420 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0390 2420 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0390 2420 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0390 2420 NPF ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0406 2420 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0406 2420 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:10.0422 2420 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:10.0422 2420 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:41:13.0172 2420 \Device\Harddisk0\DR0\# - copied to quarantine

21:41:13.0172 2420 \Device\Harddisk0\DR0 - copied to quarantine

21:41:13.0219 2420 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

21:41:13.0219 2420 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

21:41:13.0219 2420 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

21:41:13.0219 2420 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

21:41:13.0234 2420 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

21:41:13.0234 2420 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

21:41:13.0281 2420 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

21:41:13.0312 2420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:41:13.0312 2420 \Device\Harddisk0\DR0 - ok

21:41:45.0797 2420 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:41:45.0797 2420 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:41:45.0797 2420 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:41:54.0890 1748 Deinitialize success

06:02:44.0828 2484 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

06:02:45.0078 2484 ============================================================

06:02:45.0078 2484 Current date / time: 2012/03/18 06:02:45.0078

06:02:45.0078 2484 SystemInfo:

06:02:45.0078 2484

06:02:45.0078 2484 OS Version: 5.1.2600 ServicePack: 3.0

06:02:45.0078 2484 Product type: Workstation

06:02:45.0078 2484 ComputerName: JI-XF89NK9YYIWV

06:02:45.0078 2484 UserName: Owner

06:02:45.0078 2484 Windows directory: C:\WINDOWS

06:02:45.0078 2484 System windows directory: C:\WINDOWS

06:02:45.0078 2484 Processor architecture: Intel x86

06:02:45.0078 2484 Number of processors: 1

06:02:45.0078 2484 Page size: 0x1000

06:02:45.0078 2484 Boot type: Normal boot

06:02:45.0078 2484 ============================================================

06:02:47.0750 2484 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

06:02:47.0750 2484 \Device\Harddisk0\DR0:

06:02:47.0750 2484 MBR used

06:02:47.0750 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9

06:02:47.0796 2484 Initialize success

06:02:47.0796 2484 ============================================================

06:02:49.0078 3960 ============================================================

06:02:49.0078 3960 Scan started

06:02:49.0078 3960 Mode: Manual;

06:02:49.0078 3960 ============================================================

06:02:50.0296 3960 Abiosdsk - ok

06:02:50.0312 3960 abp480n5 - ok

06:02:50.0406 3960 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

06:02:50.0406 3960 ACPI - ok

06:02:50.0531 3960 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

06:02:50.0531 3960 ACPIEC - ok

06:02:50.0625 3960 adpu160m - ok

06:02:50.0640 3960 aeaudio - ok

06:02:50.0718 3960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

06:02:50.0718 3960 aec - ok

06:02:50.0859 3960 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

06:02:50.0875 3960 AFD - ok

06:02:50.0953 3960 Aha154x - ok

06:02:51.0234 3960 aic78u2 - ok

06:02:51.0421 3960 aic78xx - ok

06:02:51.0484 3960 AliIde - ok

06:02:51.0515 3960 amsint - ok

06:02:51.0609 3960 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

06:02:51.0609 3960 Arp1394 - ok

06:02:52.0078 3960 asc - ok

06:02:52.0109 3960 asc3350p - ok

06:02:52.0171 3960 asc3550 - ok

06:02:52.0234 3960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

06:02:52.0234 3960 AsyncMac - ok

06:02:52.0390 3960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

06:02:52.0390 3960 atapi - ok

06:02:52.0484 3960 Atdisk - ok

06:02:52.0531 3960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

06:02:52.0531 3960 Atmarpc - ok

06:02:52.0671 3960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

06:02:52.0671 3960 audstub - ok

06:02:52.0828 3960 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

06:02:52.0828 3960 bcm4sbxp - ok

06:02:52.0953 3960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

06:02:52.0968 3960 Beep - ok

06:02:53.0109 3960 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

06:02:53.0109 3960 BVRPMPR5 - ok

06:02:53.0140 3960 catchme - ok

06:02:53.0281 3960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

06:02:53.0281 3960 cbidf2k - ok

06:02:53.0359 3960 cd20xrnt - ok

06:02:53.0437 3960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

06:02:53.0437 3960 Cdaudio - ok

06:02:53.0593 3960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

06:02:53.0609 3960 Cdfs - ok

06:02:53.0750 3960 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

06:02:53.0750 3960 Cdrom - ok

06:02:53.0859 3960 Changer - ok

06:02:53.0984 3960 CmdIde - ok

06:02:54.0078 3960 Cpqarray - ok

06:02:54.0093 3960 dac2w2k - ok

06:02:54.0125 3960 dac960nt - ok

06:02:54.0187 3960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

06:02:54.0187 3960 Disk - ok

06:02:54.0343 3960 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

06:02:54.0359 3960 dmboot - ok

06:02:54.0500 3960 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

06:02:54.0500 3960 dmio - ok

06:02:54.0625 3960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

06:02:54.0625 3960 dmload - ok

06:02:54.0765 3960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

06:02:54.0765 3960 DMusic - ok

06:02:54.0859 3960 dpti2o - ok

06:02:54.0937 3960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

06:02:54.0937 3960 drmkaud - ok

06:02:55.0078 3960 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys

06:02:55.0078 3960 drvmcdb - ok

06:02:55.0234 3960 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys

06:02:55.0234 3960 drvnddm - ok

06:02:55.0406 3960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

06:02:55.0406 3960 Fastfat - ok

06:02:55.0578 3960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

06:02:55.0578 3960 Fdc - ok

06:02:55.0718 3960 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

06:02:55.0718 3960 Fips - ok

06:02:55.0859 3960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

06:02:55.0859 3960 Flpydisk - ok

06:02:56.0015 3960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

06:02:56.0015 3960 FltMgr - ok

06:02:56.0218 3960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

06:02:56.0218 3960 Fs_Rec - ok

06:02:56.0359 3960 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

06:02:56.0359 3960 Ftdisk - ok

06:02:56.0500 3960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

06:02:56.0500 3960 GEARAspiWDM - ok

06:02:56.0640 3960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

06:02:56.0640 3960 Gpc - ok

06:02:56.0812 3960 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

06:02:56.0812 3960 hidusb - ok

06:02:56.0906 3960 hpn - ok

06:02:56.0968 3960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

06:02:56.0984 3960 HTTP - ok

06:02:57.0093 3960 i2omgmt - ok

06:02:57.0109 3960 i2omp - ok

06:02:57.0234 3960 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

06:02:57.0234 3960 i8042prt - ok

06:02:57.0390 3960 ialm (b076eb745ec3c669d4ae953225366f1d) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

06:02:57.0390 3960 ialm - ok

06:02:57.0531 3960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

06:02:57.0531 3960 Imapi - ok

06:02:57.0640 3960 ini910u - ok

06:02:57.0703 3960 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

06:02:57.0703 3960 IntelIde - ok

06:02:57.0843 3960 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

06:02:57.0843 3960 intelppm - ok

06:02:57.0953 3960 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

06:02:57.0953 3960 ip6fw - ok

06:02:58.0062 3960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

06:02:58.0062 3960 IpFilterDriver - ok

06:02:58.0093 3960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

06:02:58.0093 3960 IpInIp - ok

06:02:58.0234 3960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

06:02:58.0250 3960 IpNat - ok

06:02:58.0390 3960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

06:02:58.0390 3960 IPSec - ok

06:02:58.0515 3960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

06:02:58.0515 3960 IRENUM - ok

06:02:58.0656 3960 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

06:02:58.0656 3960 isapnp - ok

06:02:59.0062 3960 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

06:02:59.0062 3960 Kbdclass - ok

06:02:59.0234 3960 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

06:02:59.0234 3960 kbdhid - ok

06:02:59.0390 3960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

06:02:59.0390 3960 kmixer - ok

06:02:59.0531 3960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

06:02:59.0531 3960 KSecDD - ok

06:02:59.0640 3960 lbrtfdc - ok

06:02:59.0734 3960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

06:02:59.0734 3960 mnmdd - ok

06:02:59.0859 3960 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

06:02:59.0859 3960 Modem - ok

06:02:59.0984 3960 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

06:02:59.0984 3960 Mouclass - ok

06:03:00.0140 3960 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

06:03:00.0140 3960 mouhid - ok

06:03:00.0281 3960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

06:03:00.0281 3960 MountMgr - ok

06:03:00.0375 3960 mraid35x - ok

06:03:00.0437 3960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

06:03:00.0453 3960 MRxDAV - ok

06:03:00.0593 3960 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

06:03:00.0593 3960 MRxSmb - ok

06:03:00.0750 3960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

06:03:00.0750 3960 Msfs - ok

06:03:00.0875 3960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

06:03:00.0875 3960 MSKSSRV - ok

06:03:01.0000 3960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

06:03:01.0000 3960 MSPCLOCK - ok

06:03:01.0109 3960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

06:03:01.0109 3960 MSPQM - ok

06:03:01.0234 3960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

06:03:01.0250 3960 mssmbios - ok

06:03:01.0406 3960 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

06:03:01.0406 3960 Mup - ok

06:03:01.0546 3960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

06:03:01.0546 3960 NDIS - ok

06:03:01.0687 3960 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

06:03:01.0687 3960 NdisTapi - ok

06:03:01.0828 3960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

06:03:01.0828 3960 Ndisuio - ok

06:03:01.0968 3960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

06:03:01.0984 3960 NdisWan - ok

06:03:02.0140 3960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

06:03:02.0140 3960 NDProxy - ok

06:03:02.0203 3960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

06:03:02.0218 3960 NetBIOS - ok

06:03:02.0375 3960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

06:03:02.0375 3960 NetBT - ok

06:03:02.0531 3960 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

06:03:02.0531 3960 NIC1394 - ok

06:03:02.0671 3960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

06:03:02.0671 3960 Npfs - ok

06:03:02.0843 3960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

06:03:02.0859 3960 Ntfs - ok

06:03:03.0187 3960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

06:03:03.0187 3960 Null - ok

06:03:03.0312 3960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

06:03:03.0328 3960 NwlnkFlt - ok

06:03:03.0531 3960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

06:03:03.0531 3960 NwlnkFwd - ok

06:03:03.0687 3960 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

06:03:03.0687 3960 ohci1394 - ok

06:03:03.0843 3960 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS

06:03:03.0843 3960 OMCI - ok

06:03:04.0250 3960 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

06:03:04.0250 3960 Parport - ok

06:03:04.0406 3960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

06:03:04.0406 3960 PartMgr - ok

06:03:04.0562 3960 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

06:03:04.0562 3960 ParVdm - ok

06:03:04.0703 3960 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

06:03:04.0703 3960 PCI - ok

06:03:04.0781 3960 PCIDump - ok

06:03:04.0859 3960 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

06:03:04.0859 3960 PCIIde - ok

06:03:05.0000 3960 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

06:03:05.0000 3960 Pcmcia - ok

06:03:05.0078 3960 PDCOMP - ok

06:03:05.0109 3960 PDFRAME - ok

06:03:05.0125 3960 PDRELI - ok

06:03:05.0156 3960 PDRFRAME - ok

06:03:05.0171 3960 perc2 - ok

06:03:05.0203 3960 perc2hib - ok

06:03:05.0296 3960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

06:03:05.0296 3960 PptpMiniport - ok

06:03:05.0437 3960 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

06:03:05.0437 3960 Processor - ok

06:03:05.0593 3960 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

06:03:05.0593 3960 PSched - ok

06:03:05.0750 3960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

06:03:05.0750 3960 Ptilink - ok

06:03:05.0906 3960 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

06:03:05.0906 3960 PxHelp20 - ok

06:03:06.0000 3960 ql1080 - ok

06:03:06.0031 3960 Ql10wnt - ok

06:03:06.0046 3960 ql12160 - ok

06:03:06.0062 3960 ql1240 - ok

06:03:06.0093 3960 ql1280 - ok

06:03:06.0171 3960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

06:03:06.0187 3960 RasAcd - ok

06:03:06.0375 3960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

06:03:06.0375 3960 Rasl2tp - ok

06:03:06.0546 3960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

06:03:06.0546 3960 RasPppoe - ok

06:03:06.0671 3960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

06:03:06.0671 3960 Raspti - ok

06:03:06.0796 3960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

06:03:06.0796 3960 Rdbss - ok

06:03:06.0937 3960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

06:03:06.0937 3960 RDPCDD - ok

06:03:07.0125 3960 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

06:03:07.0125 3960 RDPWD - ok

06:03:07.0312 3960 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

06:03:07.0312 3960 redbook - ok

06:03:07.0515 3960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

06:03:07.0515 3960 Secdrv - ok

06:03:07.0671 3960 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

06:03:07.0687 3960 senfilt - ok

06:03:07.0843 3960 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

06:03:07.0843 3960 serenum - ok

06:03:07.0968 3960 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

06:03:07.0968 3960 Serial - ok

06:03:08.0156 3960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

06:03:08.0156 3960 Sfloppy - ok

06:03:08.0265 3960 Simbad - ok

06:03:08.0359 3960 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

06:03:08.0359 3960 smwdm - ok

06:03:08.0484 3960 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

06:03:08.0484 3960 SONYPVU1 - ok

06:03:08.0562 3960 Sparrow - ok

06:03:08.0640 3960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

06:03:08.0640 3960 splitter - ok

06:03:08.0828 3960 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

06:03:08.0828 3960 sr - ok

06:03:08.0984 3960 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

06:03:09.0000 3960 Srv - ok

06:03:09.0156 3960 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys

06:03:09.0156 3960 sscdbhk5 - ok

06:03:09.0312 3960 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys

06:03:09.0312 3960 ssrtln - ok

06:03:09.0453 3960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

06:03:09.0453 3960 swenum - ok

06:03:09.0609 3960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

06:03:09.0609 3960 swmidi - ok

06:03:09.0734 3960 symc810 - ok

06:03:09.0750 3960 symc8xx - ok

06:03:09.0765 3960 sym_hi - ok

06:03:09.0796 3960 sym_u3 - ok

06:03:09.0875 3960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

06:03:09.0875 3960 sysaudio - ok

06:03:10.0062 3960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

06:03:10.0062 3960 Tcpip - ok

06:03:10.0312 3960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

06:03:10.0328 3960 TDPIPE - ok

06:03:10.0421 3960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

06:03:10.0437 3960 TDTCP - ok

06:03:10.0562 3960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

06:03:10.0562 3960 TermDD - ok

06:03:10.0734 3960 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys

06:03:10.0734 3960 tfsnboio - ok

06:03:10.0890 3960 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys

06:03:10.0890 3960 tfsncofs - ok

06:03:11.0046 3960 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys

06:03:11.0046 3960 tfsndrct - ok

06:03:11.0343 3960 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys

06:03:11.0343 3960 tfsndres - ok

06:03:11.0484 3960 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys

06:03:11.0484 3960 tfsnifs - ok

06:03:11.0640 3960 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys

06:03:11.0640 3960 tfsnopio - ok

06:03:11.0812 3960 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys

06:03:11.0812 3960 tfsnpool - ok

06:03:11.0953 3960 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys

06:03:11.0968 3960 tfsnudf - ok

06:03:12.0125 3960 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys

06:03:12.0125 3960 tfsnudfa - ok

06:03:12.0218 3960 TosIde - ok

06:03:12.0296 3960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

06:03:12.0296 3960 Udfs - ok

06:03:12.0359 3960 ultra - ok

06:03:12.0406 3960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

06:03:12.0421 3960 Update - ok

06:03:12.0562 3960 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

06:03:12.0578 3960 USBAAPL - ok

06:03:12.0687 3960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

06:03:12.0703 3960 usbccgp - ok

06:03:12.0859 3960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

06:03:12.0859 3960 usbehci - ok

06:03:13.0000 3960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

06:03:13.0000 3960 usbhub - ok

06:03:13.0140 3960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

06:03:13.0140 3960 usbprint - ok

06:03:13.0296 3960 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

06:03:13.0296 3960 usbscan - ok

06:03:13.0406 3960 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

06:03:13.0406 3960 USBSTOR - ok

06:03:13.0531 3960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

06:03:13.0531 3960 usbuhci - ok

06:03:13.0687 3960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

06:03:13.0687 3960 VgaSave - ok

06:03:13.0796 3960 ViaIde - ok

06:03:13.0859 3960 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

06:03:13.0875 3960 VolSnap - ok

06:03:14.0046 3960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

06:03:14.0046 3960 Wanarp - ok

06:03:14.0250 3960 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

06:03:14.0265 3960 Wdf01000 - ok

06:03:14.0343 3960 WDICA - ok

06:03:14.0421 3960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

06:03:14.0421 3960 wdmaud - ok

06:03:14.0625 3960 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

06:03:14.0625 3960 WpdUsb - ok

06:03:14.0703 3960 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

06:03:14.0703 3960 WS2IFSL - ok

06:03:14.0859 3960 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

06:03:14.0859 3960 WudfPf - ok

06:03:14.0906 3960 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

06:03:14.0906 3960 WudfRd - ok

06:03:15.0031 3960 zumbus - ok

06:03:15.0125 3960 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys

06:03:15.0125 3960 {6080A529-897E-4629-A488-ABA0C29B635E} - ok

06:03:15.0265 3960 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys

06:03:15.0265 3960 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok

06:03:15.0312 3960 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

06:03:15.0500 3960 \Device\Harddisk0\DR0 - ok

06:03:15.0500 3960 Boot (0x1200) (1fe6f84492cc9c1497d4d5a0a06ad4e8) \Device\Harddisk0\DR0\Partition0

06:03:15.0500 3960 \Device\Harddisk0\DR0\Partition0 - ok

06:03:15.0515 3960 ============================================================

06:03:15.0515 3960 Scan finished

06:03:15.0515 3960 ============================================================

06:03:15.0531 2368 Detected object count: 0

06:03:15.0531 2368 Actual detected object count: 0

Link to post
Share on other sites

RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 03/18/2012 06:14:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC35L090AVV207-0 +++++

--- User ---

[MBR] 6b61654af29af97c554fd93638735cc2

[bSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76253 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Logfile of random's system information tool 1.09 (written by random/random)

Run by Owner at 2012-03-18 06:53:51

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 21 GB (27%) free of 76 GB

Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:53:55 AM, on 3/18/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\RSIT.exe

C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.fostercity.org/reports/mgaxctrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220825592984

O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220825585702

O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} (CISCO Portforwarder Control) - https://cvpn.uhc.com/+CSCOL+/cscopf.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate1c9db32f3ca29d0) (gupdate1c9db32f3ca29d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 7809 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-02-09 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-10-02 155648]

"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-02 118784]

"Dell AIO Printer A960"=C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe [2003-09-21 270336]

"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-08-06 114741]

"StorageGuard"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-04-20 58656]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm

"vidc.iv41"=ir41_32.ax

"msacm.iac2"=iac25_32.ax

"vidc.iv50"=ir50_32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-03-18 06:53:51 ----D---- C:\rsit

2012-03-18 06:12:41 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys

2012-03-18 06:02:44 ----A---- C:\TDSSKiller.2.7.20.0_18.03.2012_06.02.44_log.txt

2012-03-18 05:57:52 ----D---- C:\Program Files\ERUNT

2012-03-12 04:20:04 ----A---- C:\ComboFix.txt

2012-03-11 21:59:43 ----A---- C:\Boot.bak

2012-03-11 21:59:39 ----RASHD---- C:\cmdcons

2012-03-11 21:56:05 ----A---- C:\WINDOWS\NIRCMD.exe

2012-03-11 21:56:05 ----A---- C:\WINDOWS\MBR.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\zip.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\SWXCACLS.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\SWSC.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\SWREG.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\sed.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\PEV.exe

2012-03-11 21:56:04 ----A---- C:\WINDOWS\grep.exe

2012-03-11 21:55:56 ----D---- C:\WINDOWS\ERDNT

2012-03-11 21:55:51 ----D---- C:\Qoobox

2012-03-11 21:41:10 ----D---- C:\TDSSKiller_Quarantine

2012-03-11 21:37:22 ----A---- C:\TDSSKiller.2.7.20.0_11.03.2012_21.37.22_log.txt

2012-03-11 07:49:32 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files

2012-03-11 07:39:35 ----D---- C:\Program Files\AVG

2012-03-11 07:37:05 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData

2012-03-09 08:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$

2012-03-09 07:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$

2012-03-09 07:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$

2012-03-09 07:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$

2012-03-09 07:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$

2012-03-09 07:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$

2012-03-09 07:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$

2012-03-09 07:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$

2012-03-09 07:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$

2012-03-09 07:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$

2012-03-09 07:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$

2012-03-09 07:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$

2012-03-09 07:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$

2012-03-09 07:02:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2633171$

2012-03-07 07:25:14 ----D---- C:\Documents and Settings\Owner\Application Data\PCDr

======List of files/folders modified in the last 1 month======

2012-03-18 06:53:55 ----D---- C:\Program Files\Trend Micro

2012-03-18 06:12:50 ----D---- C:\WINDOWS\Prefetch

2012-03-18 06:12:41 ----D---- C:\WINDOWS\system32\drivers

2012-03-18 05:57:52 ----RD---- C:\Program Files

2012-03-17 21:11:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-03-16 05:26:53 ----A---- C:\WINDOWS\dellstat.ini

2012-03-16 05:24:41 ----D---- C:\WINDOWS\Temp

2012-03-12 04:17:50 ----D---- C:\WINDOWS\system32\CatRoot2

2012-03-12 04:12:22 ----D---- C:\WINDOWS

2012-03-12 04:12:22 ----A---- C:\WINDOWS\system.ini

2012-03-12 04:12:03 ----D---- C:\WINDOWS\system32\drivers\etc

2012-03-12 04:11:39 ----D---- C:\WINDOWS\system32\config

2012-03-12 04:09:25 ----D---- C:\WINDOWS\system32

2012-03-12 04:09:24 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-03-12 04:09:12 ----D---- C:\Program Files\Internet Protection

2012-03-12 04:07:32 ----D---- C:\WINDOWS\AppPatch

2012-03-12 04:07:29 ----D---- C:\Program Files\Common Files

2012-03-11 21:59:43 ----RASH---- C:\boot.ini

2012-03-11 21:09:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-03-11 07:49:31 ----SHD---- C:\WINDOWS\Installer

2012-03-11 07:48:57 ----HD---- C:\WINDOWS\inf

2012-03-11 07:39:30 ----D---- C:\WINDOWS\WinSxS

2012-03-11 07:39:29 ----D---- C:\Program Files\Common Files\Microsoft Shared

2012-03-09 18:11:16 ----D---- C:\WINDOWS\system32\wbem

2012-03-09 08:24:43 ----RSD---- C:\WINDOWS\assembly

2012-03-09 08:24:43 ----D---- C:\WINDOWS\Microsoft.NET

2012-03-09 07:59:56 ----A---- C:\WINDOWS\imsins.BAK

2012-03-09 07:51:16 ----D---- C:\Program Files\Microsoft Office

2012-03-09 07:43:43 ----D---- C:\Program Files\Internet Explorer

2012-03-09 07:43:03 ----D---- C:\WINDOWS\ie8updates

2012-03-09 07:42:36 ----HD---- C:\WINDOWS\$hf_mig$

2012-03-09 07:39:37 ----A---- C:\WINDOWS\win.ini

2012-03-07 07:25:13 ----SD---- C:\WINDOWS\Downloaded Program Files

2012-03-03 18:27:58 ----D---- C:\Program Files\Google

2012-03-03 18:27:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2012-03-01 21:27:44 ----D---- C:\WINDOWS\Registration

2012-02-28 23:52:00 ----D---- C:\WINDOWS\system

2012-02-28 23:51:33 ----D---- C:\WINDOWS\VirtualEar

2012-02-26 03:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$

2012-02-25 22:14:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2003-07-31 84576]

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 PxHelp20;PxHelp20; C:\WINDOWS\system32\DRIVERS\PxHelp20.sys [2010-07-12 45648]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-08-06 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-08-06 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-08-06 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-08-06 2233]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-08-06 83284]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-08-06 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-08-06 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-08-06 98068]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-08-06 100373]

R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]

R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]

R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []

S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 mbr;mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 TrueSight;TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-08-02 42496]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate1c9db32f3ca29d0;Google Update Service (gupdate1c9db32f3ca29d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-22 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-18 194104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-22 133104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Link to post
Share on other sites

info.txt logfile of random's system information tool 1.09 2012-03-18 06:53:57

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}

Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -maintain activex

Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

AIM Pro-->MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bing Maps 3D-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033

CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Dell AIO Printer A960-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960

Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}

Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB973442)-->"C:\WINDOWS\$NtUninstallKB973442_WM11$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Intel® System Information Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}\setup.exe"

iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

NOOK for PC-->"C:\Program Files\Barnes & Noble\BNDesktopReader\uninstall.exe"

Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel

QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

Savings Bond Wizard-->C:\WINDOWS\unvise32.exe C:\Program Files\Savings Bond Wizard\uninstal.log

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly

Stellarium 0.10.5-->"C:\Program Files\Stellarium\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WXTide32-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.ntx86 132 C:\WINDOWS\INF\WXTIDE47.INF

======System event log======

Computer Name: JI-XF89NK9YYIWV

Event Code: 36

Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Record Number: 47531

Source Name: W32Time

Time Written: 20111230223200.000000-300

Event Type: warning

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 12

Message: The device 'TEAC DVD+RW DV-W58E' (IDE\CdRomTEAC_DVD+RW_DV-W58E_____________________D.0J____\5&2641f507&0&0.1.0) disappeared from the system without first being prepared for removal.

Record Number: 47527

Source Name: PlugPlayManager

Time Written: 20111230205155.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 9

Message: The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Record Number: 47526

Source Name: atapi

Time Written: 20111230205154.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 9

Message: The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Record Number: 47525

Source Name: atapi

Time Written: 20111230183244.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 36

Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Record Number: 47459

Source Name: W32Time

Time Written: 20111228234100.000000-300

Event Type: warning

User:

=====Application event log=====

Computer Name: JI-XF89NK9YYIWV

Event Code: 1001

Message: Fault bucket -2136891283.

Record Number: 29249

Source Name: Application Hang

Time Written: 20111229232753.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 1002

Message: Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 29248

Source Name: Application Hang

Time Written: 20111229232730.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 29245

Source Name: Application Hang

Time Written: 20111229172620.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 28520

Source Name: Application Hang

Time Written: 20111223191352.000000-300

Event Type: error

User:

Computer Name: JI-XF89NK9YYIWV

Event Code: 1002

Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 28519

Source Name: Application Hang

Time Written: 20111223191350.000000-300

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0209

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"asl.log"=Destination=file;OnFirstLog=command,environment,parent

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.31

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

McAfee Security Scan Plus

```````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Java 6 Update 24

Java 6 Update 2

Java version out of date!

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Link to post
Share on other sites

These steps are for piggyigg only. If you are a casual viewer, do NOT try this on your system!

If you are not piggyigg and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

What happened when you posted the RSIT Log.txt ? ---- the whole of it had over-strikes !! ??

You do not show that this pc has an anti-virus program ! You must have one & have it up-to-date. Get one right away.

McAfee Security Scan Plus is NOT a substitute nor is it a complete anti-virus program.

http://us.mcafee.com...pages/np681.asp

Install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious viruses.

Three good antivirus programs free for non-commercial home use are Avast!, Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Step 2

Once antivirus is installed, make sure you do an Update run, and that it is up-to-date with current definitions. :excl:

Step 3

Turn off your anti-virus program during run of these next tools.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • Next, click the DNS tab, and then click on the DNS Fix button
  • When done, logoff & Restart the system.

Step 4

Delete all prior copies of TDSSKILLER. Then get the latest version. :excl:

Recheck & do again: Turn off your anti-virus program during run of these next tools.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Turn off your anti-virus program during run of these next tools.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 6

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe cf-icon.jpg & accept the EULA & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of contents of TDSSKILLER log

and C:\Combofix.txt

and tell me, How is your computer now ?

Link to post
Share on other sites

javaicon.gif

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

You need to follow-up & remove the tools I had you use. OTC will help with that.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

We are finished here. Best regards.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.